MapR Security Support Matrix

The tables in this section show component support for authentication, impersonation, and wire-level encryption.

IMPORTANT Release 6.x user documentation is no longer being updated. As a result, this page might be out of date. For the most current compatibility information, see the corresponding page under Interoperability Matrices.

Information is provided for the MapR 6.1 and MapR 6.0.1 releases. See these sections:

Table 1 - Authentication in MapR 6.1
Table 2 - Impersonation and Wire-Level Encryption in MapR 6.1
Table 3 - Authentication in MapR 6.0.1
Table 4 - Impersonation and Wire-Level Encryption in MapR 6.0.1

Tables 1 and 3 show component support for authentication using MapR-SASL, Kerberos, and PAM.

Tables 2 and 4 show component support for impersonation and wire-level encryption.

Table Symbols

The tables in this section use dashes to indicate non-support and directional arrows to convey inbound and outbound communication:

A dash (—) indicates that the feature is currently not supported, not needed, or not applicable.
A right arrow (A → B) means OUTBOUND from A and INBOUND to B.
A double arrow (A ↔ B) means OUTBOUND from A and INBOUND to B, and vice versa.
No arrow indicates OUTBOUND communication from the subcomponent to all components with which it communicates.

Authentication in MapR 6.1

Table 1. Component Support for Authentication
Main Component	Subcomponent	Authentication
Main Component	Subcomponent	MapR-SASL	Kerberos	PAM¹
CORE COMPONENTS
Data Fabric for Kubernetes	N/A	—	—	—
FUSE POSIX Client	N/A	—	—	—
JobClient to Resource Manager	N/A	Yes	Yes	—
MapR Installer	N/A	—	—	Yes
MapR File System	FileClient C → MapR File System	Yes	—	—
	FileClient Java → MapR File System	Yes	Yes²	—
	MapR File System ↔ MapR File System³	Yes	—	—
	CLDB ↔ MapR File System⁴	Yes	—	—
	FileClient → CLDB⁴	Yes	Yes²	—
	NFSv3 → MapR File System	Yes	—	—
	NFSv3 → CLDB⁵	Yes	—	—
MapR Database	MapR Database Java Client → MapR Database⁶	Yes	Yes²	—
	MapR Database C Client → MapR Database⁶	Yes	—	—
	AsyncHBase Client → MapR Database⁶	Yes	Yes²	—
	Hive Job Using Connector to MapR Database⁶	Yes	—	—
	Spark Job Using Connector to MapR Database⁶	Yes	—	—
	Client → HBase Thrift Gateway⁶	—	—	Yes
	HBase Thrift Gateway for MapR Database (Binary)⁷	Yes	—	—
	Client → Data Access Gateway	—	—	Yes
	Data Access Gateway → MapR Database (JSON)	Yes	—	—
	Client → HBase REST Gateway	—	Yes	Yes
	HBase REST Gateway for MapR Database (Binary)	Yes	—	—
MapR-Streams	Java Client → MapR Event Store For Apache Kafka	Yes	—	—
	librdkafka C/C#/Python Client → MapR Event Store For Apache Kafka	Yes	—	—
	Client Kafka REST Gateway	—	—	Yes
	Kafka REST Gateway → MapR Event Store For Apache Kafka	Yes	—	—
	REST Client → Kafka Connect Gateway	—	—	—
	Kafka Connect Gateway → MapR Event Store For Apache Kafka	Yes	—	—
MapR Control System⁸	Control System CLI Command	Yes	Yes	—
MapR Control System⁸	MCS Web Command (REST Interface)	—	Yes	Yes
NFSv3	N/A	—	—	—
NFSv4	N/A	—	Yes	—
ZooKeeper⁹	ZK client → ZK server	Yes	—	—
ZooKeeper⁹	ZK server ↔ ZK server	Yes	—	—
BUNDLED CLIENTS¹⁰
Data Science Refinery (DSR)	N/A	—	—	—
Persistent Application Client Container (PACC)	N/A	—	—	—
ECOSYSTEM COMPONENTS
Drill¹¹	Web client → Drillbit	—	Partial (using SPNEGO WIP)	Yes
	Drillbit ↔ Drillbit	Yes	Yes	—
	Java/C++ Client/JDBC/ODBC → Drillbit	Yes	Yes	Yes
	Drill → Hive Storage Plugin	Yes	—	—
Flume¹²	Thrift Client → Flume Agent	Yes	Yes	—
	Avro Client → Flume Agent (Netty)	—	—	—
	Flume Agent → MapR Streams	Yes	—	—
	Flume Agent → MapR Database	Yes	—	—
	Flume Agent → Hive Metastore	Yes	Yes	—
HBase	Client → HBase Thrift Gateway	Yes	Yes	Yes
	Client → HBase REST Gateway	Yes	Yes	Yes
	Hue → HBase Thrift	Yes	Yes	Yes
Hive	HiveServer2 → Metastore	Yes	Yes	—
	JDBC Client → HiveServer2	Yes	Yes	Yes
	ODBC Client → HiveServer2	—	Yes	Yes
	WebHCat → Metastore	—	Yes	—
	Hive Shell → MetaStore	Yes	Yes	—
	Beeline → HiveServer2	Yes	Yes	Yes
	Client (Browser) → HiveServer2 Web UI Server	—	—	Yes
	REST Client → WebHCat	—	Yes	—
HttpFS	Client (REST) → HttpFS	—	Yes	Yes
HttpFS	HttpFS → MapR File System	Yes	—	—
Hue	Hue → Oozie¹³	Yes	Yes	—
	Hue → YARN	Yes	Yes	—
	Hue → HbaseThrift	Yes	Yes	—
	Hue → Sqoop2	Yes	Yes	—
	Hue → HttpFS	Yes	Yes	—
	Hue → HiveServer2	Yes	Yes	Yes
	Hue → Livy Server	Yes	Yes	Yes
KSQL	KSQL → MapR Event Store For Apache Kafka (Java client)	—	—	—
KSQL	KSQL → Kafka Streams	—	—	—
Kafka Streams	Kafka Streams → MapR Event Store For Apache Kafka (Java client)	—	—	—
Livy	REST Client → Livy Server	Yes	Yes	Yes
S3 gateway	S3 gateway → MapR File System (via POSIX client)	Yes	—	—
	S3 gateway → MapR Event Store For Apache Kafka (via librdkafka)	Yes	—	—
	S3 gateway Client → S3 gateway (self-managed via credentials file)	—	—	—
Oozie	Oozie Client, REST API, Hue → Oozie Server¹⁴	Yes	Yes	—
	Oozie Server → Spark/Sqoop¹⁵	Yes	Yes	—
	Oozie Server → Beeline-HS2	Yes	Yes	Yes
	Oozie Server → Hive	Yes	Yes	—
Spark	Web Clients → Spark Component UI	No, but uses Spark's shared secret with DIGEST-MD5
	Spark Driver → Executor	No, but uses Spark's shared secret with DIGEST-MD5
	Spark Job Using Connector → MapR Database	Yes	—	—
	Spark Job Using Connector → MapR-Streams	Yes	Yes	—
	JDBC Client → Spark Thrift Server	Yes	Yes	Yes
	ODBC Client → Spark Thrift Server	–	Yes	Yes
Sqoop 2¹⁶	REST API, Hue, Sqoop 2 Client → Sqoop 2 Server	Yes	Yes	—
YARN	REST/Browser → RM/JHS/ATS	–	Yes	Yes
	Internal communication (RM/NM/JHS)	Yes	Yes	—
	Containers → YARN Services (RM/NM)	No, but uses YARN's shared secret with DIGEST-MD5
	Timeline Server	Yes	Yes	—

¹If LDAP is required, LDAP can be supported through PAM.

² Kerberos support is provided by implicit conversion of Kerberos tickets to MapR tickets.

³Payload not encrypted by default.

⁴All data exchanged with CLDB is in protobufs only and hence encrypted in secure clusters.

⁵Only admin ops to CLDB are audited. NFSv3 communication with CLDB is usually not admin-related.

⁶Accessed through the MapR client, which reads security settings from /opt/mapr/conf/mapr-clusters.conf; hence, this interface follows the secure-by-default model.

⁷MapR-SASL is supported but not enabled during installation.

⁸The MapR Control System is secure between client and webserver (API Server). The server may invoke other commands through the maprcli interface that themselves do not use secure communication.

⁹MapR uses MapR-SASL for communication with ZooKeeper.

¹⁰Includes a FUSE POSIX client, YARN client, and other client components.

¹¹Support for Kerberos has not been verified, but SPNEGO can be used in conjunction with HTTPS.

Auditing user administration operations with Hue.

Impersonation and Wire-Level Encryption in MapR 6.1

Table 2. Component Support for Impersonation and Wire-Level Encryption
Main Component	Subcomponent	Impersonation	Wire-Level Encryption
Main Component	Subcomponent	Impersonation	MapR-SASL	Kerberos	SSL/TLS
CORE COMPONENTS
Data Fabric for Kubernetes	N/A	—	—	—	—
FUSE POSIX Client	N/A	—	—	—	—
JobClient to Resource Manager	N/A	Yes	Yes	Yes	—
MapR Installer	N/A	—	—	—	Yes
MapR File System	FileClient C → MapR File System	Yes	Yes	—	—
	FileClient Java → MapR File System	Yes	Yes	—	—
	MapR File System ↔ MapR File System	—	Yes	—	—
	CLDB ↔ MapR File System	—	Yes	—	—
	FileClient → CLDB	Yes	Yes	—	—
	NFSv3 → MapR File System	Yes	Yes	—	—
	NFSv3 → CLDB	Yes	Yes	—	—
MapR Database	MapR Database Java Client → MapR Database	Yes	Yes	—	—
	MapR Database C Client → MapR Database	Yes	Yes	—	—
	AsyncHBase Client → MapR Database	Yes	Yes	—	—
	Hive Job Using Connector to MapR Database	Yes	Yes	—	—
	Spark Job Using Connector to MapR Database	Yes	Yes	—	—
	Client → HBase Thrift Gateway	—	—	—	Yes
	HBase Thrift Gateway for MapR Database (Binary)	Yes	Yes	—	—
	Client → Data Access Gateway	—	—	—	Yes
	Data Access Gateway → MapR Database (JSON)	Yes	Yes	—	—
	Client → HBase REST Gateway	—	—	—	Yes
	HBase REST Gateway for MapR Database (Binary)	Yes	Yes	—	—
MapR-Streams	Java Client → MapR Event Store For Apache Kafka	Yes	Yes	—	—
	librdkafka C/C#/Python Client → MapR Event Store For Apache Kafka	—	Yes	—	—
	Client → Kafka REST Gateway	—	—	—	Yes
	Kafka REST Gateway → MapR Event Store For Apache Kafka	Yes	Yes	—	—
	REST Client → Kafka Connect Gateway	—	—	—	—
	Kafka Connect Gateway → MapR Event Store For Apache Kafka	—	Yes	—	—
MapR Control System	MCS CLI Command	—	Yes	—	—
MapR Control System	MCS Web Command (REST Interface)	—	—	—	Yes
NFSv3	N/A	—	—	—	—
NFSv4	N/A	—	—	Yes	—
ZooKeeper	ZK client → ZK server	—	Yes	—	—
ZooKeeper	ZK server ↔ ZK server	—	—	—	—
BUNDLED CLIENTS¹
Data Science Refinery (DSR)	N/A	—	—	—	—
Persistent Application Client Container (PACC)	N/A	—	—	—	—
ECOSYSTEM COMPONENTS
Drill	Web client → Drillbit	Yes	—	—	Yes
	Drillbit ↔ Drillbit	Yes	Yes	Yes	—
	Java/C++ client → Drillbit	Yes	Yes	Yes	Yes
	Drill → Hive storage plugin	Yes	Yes	—	—
Flume	Thrift Client → Flume Agent	Yes	Yes	—	Yes
	Avro Client → Flume Agent (Netty)	—	—	—	Yes
	Flume Agent → MapR Streams	—	Yes	—	—
	Flume Agent → MapR Database	—	Yes	—	—
	Flume Agent → Hive Metastore	—	Yes	Yes	—
HBase	Client → HBase Thrift Gateway	Yes	Yes	Yes	Yes
	Client → HBase REST Gateway	Yes	—	—	Yes
	Hue → HBase Thrift	Yes	—	—	Yes
Hive	HiveServer2 → Metastore	Yes	Yes	Yes	Yes
	JDBC Client → HiveServer2	Yes	Yes	Yes	Yes
	ODBC Client → HiveServer2	Yes	—	Yes	Yes
	WebHCat → Metastore	Yes	—	Yes	—
	Hive Shell → MetaStore	Yes	Yes	Yes	—
	Beeline → HiveServer2	Yes	Yes	Yes	Yes
	Client (Browser) → HiveServer2 Web UI Server	—	—	—	Yes
	REST Client → WebHCat	Yes	—	Yes	—
HttpFS	Client (REST) → HttpFS	Yes	—	—	Yes
HttpFS	HttpFS → MapR File System	Yes	Yes	—	—
Hue	Hue → Oozie	Yes	—	—	Yes
	Hue → YARN	Yes	—	—	Yes
	Hue → HBaseThrift	Yes	Yes	Yes	Yes
	Hue → Sqoop2	Yes	—	—	Yes
	Hue → HttpFS	Yes	—	—	Yes
	Hue → HiveServer2	Yes	Yes	Yes	Yes
	Hue → Livy Server	Yes	—	—	Yes
KSQL	KSQL → MapR Event Store For Apache Kafka (Java client)	—	—	—	—
KSQL	KSQL → Kafka Streams	—	—	—	—
Kafka Streams	Kafka Streams → MapR Event Store For Apache Kafka (Java client)	—	—	—	—
Livy	REST Client → Livy Server	Yes	—	—	Yes
S3 gateway	S3 gateway → MapR File System (via POSIX client)	Yes	Yes	—	—
	S3 gateway → MapR Event Store For Apache Kafka (via librdkafka)	—	Yes	—	—
	S3 gateway → S3 gateway (self-managed via credentials file)	—	—	—	Yes
Oozie	Oozie client, REST API, Hue → Oozie Server	Yes	Yes	Yes	Yes
	Oozie Server → Spark/Sqoop	Yes	Yes	Yes	—
	Oozie Server → Beeline-HS2	Yes	Yes	Yes	Yes
	Oozie Server → Hive	Yes	Yes	Yes	—
Spark	Web clients → Spark Component UI	—	—	—	Yes
	Spark Driver → Executor	—	When running Spark-on-YARN, Driver-To-Executor communication is through YARN (Hadoop protocol), so it is fully secured.
	Spark Job Using Connector → MapR Database	—	Yes	—	—
	Spark Job Using Connector → MapR Event Store For Apache Kafka	—	Yes	—	Yes
Sqoop 2	REST API, Hue, Sqoop 2 Client → Sqoop 2 Server	Yes	Yes	Yes	Yes
Tez	Browser → Tez UI	—	—	—	Yes
	Tez UI → YARN RM	—	—	—	Yes
	Tez UI → Timeline Server	—	—	—	Yes
	Tez Containers → YARN ShuffleHandler Service	—	—	—	Yes
YARN	REST/Browser → RM/JHS/ATS	Yes	—	—	Yes
	Internal communication (RM/NM/JHS)	—	Yes	Yes	—
	Containers → YARN Services (RM/NM)	—	Yes	Yes	—
	Timeline Server	—	Yes	Yes	—

¹Includes a FUSE POSIX client, YARN client, and other client components.

Authentication in MapR 6.0.1

Table 3. Component Support for Authentication
Main Component	Subcomponent	Authentication
Main Component	Subcomponent	MapR-SASL	Kerberos	PAM¹
CORE COMPONENTS
MapR Installer	N/A	—	—	Yes
JobClient to Resource Manager	N/A	Yes	Yes	—
MapR File System	FileClient C → MapR File System	Yes	—	—
	FileClient Java → MapR File System	Yes	Yes²	—
	MapR File System ↔ MapR File System³	Yes	—	—
	CLDB ↔ MapR File System⁴	Yes	—	—
	FileClient → CLDB⁴	Yes	Yes²	—
	NFSv3 → MapR File System	Yes	—	—
	NFSv3 → CLDB⁵	Yes	—	—
MapR Database	MapR Database Java Client → MapR Database⁶	Yes	Yes²	—
	MapR Database C Client → MapR Database⁶	Yes	—	—
	AsyncHBase Client → MapR Database⁶	Yes	Yes²	—
	Hive Job Using Connector to MapR Database⁶	Yes	—	—
	Spark Job Using Connector to MapR Database⁶	Yes	—	—
	Client → HBase Thrift Gateway⁶	—	—	Yes
	HBase Thrift Gateway for MapR Database (Binary)⁷	Yes	—	—
	Client → Data Access Gateway	—	—	Yes
	Data Access Gateway → MapR Database (JSON)	Yes	—	—
	Client → HBase REST Gateway	—	Yes	Yes
	HBase REST Gateway for MapR Database (Binary)	Yes	—	—
MapR-Streams	Java Client → MapR Event Store For Apache Kafka	Yes	Yes²	—
	librdkafka C/C#/Python Client → MapR Event Store For Apache Kafka	Yes	—	—
	Client Kafka REST Gateway	—	—	Yes
	Kafka REST Gateway → MapR Event Store For Apache Kafka	Yes	—	—
	REST Client → Kafka Connect Gateway	—	—	—
	Kafka Connect Gateway → MapR Event Store For Apache Kafka	Yes	—	—
MapR Control System⁸	MCS CLI Command	Yes	Yes	—
MapR Control System⁸	MCS Web Command (REST Interface)	—	Yes	Yes
ZooKeeper⁹	ZK client → ZK server	Yes	—	—
ZooKeeper⁹	ZK server ↔ ZK server	—	—	—
ECOSYSTEM COMPONENTS
Drill¹⁰	Web client → Drillbit	—	Partial (using SPNEGO WIP)	Yes
	Drillbit ↔ Drillbit	Yes	Yes	—
	Java/C++ Client/JDBC/ODBC → Drillbit	Yes	Yes	Yes
	Drill → Hive Storage Plugin	Yes	—	—
Flume¹¹	Thrift Client → Flume Agent	Yes	Yes	—
	Avro Client → Flume Agent (Netty)	—	—	—
	Flume Agent → MapR Streams	Yes	—	—
	Flume Agent → MapR Database	Yes	—	—
	Flume Agent → Hive Metastore	Yes	Yes	—
Hive	HiveServer2 → Metastore	Yes	Yes	—
	JDBC Client → HiveServer2	Yes	Yes	Yes
	ODBC Client → HiveServer2	—	Yes	Yes
	WebHCat → Metastore	Yes	Yes	—
	Hive Shell → MetaStore	Yes	Yes	—
	Beeline → HiveServer2	Yes	Yes	Yes
	REST API → WebHCat	—	Yes	—
HttpFS	Client (REST) → HttpFS	—	Yes	Yes
HttpFS	HttpFS → MapR File System	Yes	—	—
Hue	Hue → Oozie¹²	Yes	Yes	—
	Hue → YARN	Yes	Yes	—
	Hue → HbaseThrift	Yes	Yes	—
	Hue → Sqoop2	Yes	Yes	—
	Hue → HttpFS	Yes	Yes	—
	Hue → HiveServer2	Yes	Yes	—
	Hue → Livy Server	—	—	—
Livy	REST Client → Livy Server	—	—	—
Oozie	Oozie Client, REST API, Hue → Oozie Server¹³	Yes	Yes	—
	Oozie Server → Spark/Sqoop¹⁴	Yes	Yes	—
	Oozie Server → Beeline-HS2	Yes	Yes	Yes
	Oozie Server → Hive	Yes	Yes	—
Spark	Web Clients → Spark Component UI	No, but uses Spark's shared secret with DIGEST-MD5
	Spark Driver → Executor	No, but uses Spark's shared secret with DIGEST-MD5
	Spark Job Using Connector → MapR Database	Yes	—	—
	Spark Job Using Connector → MapR-Streams	Yes	Yes	—
Sqoop 2¹⁵	REST API, Hue, Sqoop 2 Client → Sqoop 2 Server	Yes	Yes	—
YARN	REST/Browser → RM/JHS/ATS	–	Yes	Yes
	Internal communication (RM/NM/JHS)	Yes	Yes	—
	Containers → YARN Services (RM/NM)	No, but uses YARN's shared secret with DIGEST-MD5
	Timeline Server	Yes	Yes	—

¹If LDAP is required, LDAP can be supported through PAM.

² Kerberos support is provided by implicit conversion of Kerberos tickets to MapR tickets.

³Payload not encrypted by default.

⁴All data exchanged with CLDB is in protobufs only and hence encrypted in secure clusters.

⁵Only admin ops to CLDB are audited. NFSv3 communication with CLDB is usually not admin-related.

⁶Accessed through the MapR client, which reads security settings from /opt/mapr/conf/mapr-clusters.conf; hence, this interface follows the secure-by-default model.

⁷MapR-SASL is supported but not enabled during installation.

⁸The MapR Control System is secure between client and webserver (API Server). The server may invoke other commands through the maprcli interface that themselves do not use secure communication.

⁹MapR uses MapR-SASL for communication with ZooKeeper.

¹⁰Support for Kerberos has not been verified, but SPNEGO can be used in conjunction with HTTPS.

¹¹Flume agents can't be started automatically after installation. Manual configuration is required.

¹²Auditing user administration operations with Hue.

¹³A custom authentication filter can be configured.

¹⁴Oozie orchestrates Spark/Sqoop jobs using the Spark/Sqoop native client, so security is the same as Spark/Sqoop.

¹⁵SSL added to Sqoop 1.99.7. Basic access authentication is enabled by default.

Impersonation and Wire-Level Encryption in MapR 6.0.1

Table 4. Component Support for Impersonation and Wire-Level Encryption
Main Component	Subcomponent	Impersonation	Wire-Level Encryption
Main Component	Subcomponent	Impersonation	MapR-SASL	Kerberos	SSL/TLS
CORE COMPONENTS
MapR Installer	N/A	—	—	—	Yes
JobClient to Resource Manager	N/A	Yes	Yes	Yes	—
MapR File System	FileClient C → MapR File System	Yes	Yes	—	—
	FileClient Java → MapR File System	Yes	Yes	—	—
	MapR File System ↔ MapR File System	—	Yes	—	—
	CLDB ↔ MapR File System	—	Yes	—	—
	FileClient → CLDB	Yes	Yes	—	—
	NFSv3 → MapR File System	Yes	Yes	—	—
	NFSv3 → CLDB	Yes	Yes	—	—
MapR Database	MapR Database Java Client → MapR Database	Yes	Yes	—	—
	MapR Database C Client → MapR Database	Yes	Yes	—	—
	AsyncHBase Client → MapR Database	Yes	Yes	—	—
	Hive Job Using Connector to MapR Database	Yes	Yes	—	—
	Spark Job Using Connector to MapR Database	Yes	Yes	—	—
	Client → HBase Thrift Gateway	—	—	—	Yes
	HBase Thrift Gateway for MapR Database (Binary)	Yes	Yes	—	—
	Client → Data Access Gateway	—	—	—	Yes
	Data Access Gateway → MapR Database (JSON)	Yes	Yes	—	—
	Client → HBase REST Gateway	—	—	—	Yes
	HBase REST Gateway for MapR Database (Binary)	Yes	Yes	—	—
MapR-Streams	Java Client → MapR Event Store For Apache Kafka	Yes	Yes	—	—
	librdkafka C/C#/Python Client → MapR Event Store For Apache Kafka	—	Yes	—	—
	Client → Kafka REST Gateway	—	—	—	Yes
	Kafka REST Gateway → MapR Event Store For Apache Kafka	Yes	Yes	—	—
	REST Client → Kafka Connect Gateway	—	—	—	—
	Kafka Connect Gateway → MapR Event Store For Apache Kafka	—	Yes	—	—
MapR Control System	MCS CLI Command	—	Yes	—	—
MapR Control System	MCS Web Command (REST Interface)	—	—	—	Yes
ZooKeeper	ZK client → ZK server	—	Yes	—	—
	ZK server ↔ ZK server	—	—	—	—
ECOSYSTEM COMPONENTS
Drill	Web client → Drillbit	Yes	—	—	Yes
	Drillbit ↔ Drillbit	Yes	Yes	Yes	—
	Java/C++ client → Drillbit	Yes	Yes	Yes	Yes
	Drill → Hive storage plugin	Yes	Yes	—	—
Flume	Thrift Client → Flume Agent	Yes	Yes	—	Yes
	Avro Client → Flume Agent (Netty)	—	—	—	Yes
	Flume Agent → MapR Streams	—	Yes	—	—
	Flume Agent → MapR Database	—	Yes	—	—
	Flume Agent → Hive Metastore	—	Yes	Yes	—
Hive	HiveServer2 → Metastore	Yes	Yes	Yes	Yes
	JDBC Client → HiveServer2	Yes	Yes	Yes	Yes
	ODBC Client → HiveServer2	Yes	—	Yes	Yes
	WebHCat → Metastore	Yes	—	Yes	—
	Hive Shell → MetaStore	Yes	Yes	Yes	—
	Beeline → HiveServer2	Yes	Yes	—	Yes
	REST API → WebHCat	Yes	—	Yes	—
HttpFS	Client (REST) → HttpFS	Yes	—	—	Yes
HttpFS	HttpFS → MapR File System	Yes	Yes	—	—
Hue	Hue → Oozie	Yes	—	—	Yes
	Hue → YARN	Yes	—	—	Yes
	Hue → HBaseThrift	Yes	Yes	—	—
	Hue → Sqoop2	Yes	—	—	Yes
	Hue → HttpFS	Yes	—	—	Yes
	Hue → HiveServer2	Yes	Yes	Yes	Yes
	Hue → Livy Server	—	—	—	—
Livy	REST Client → Livy Server	—	—	—	—
Oozie	Oozie client, REST API, Hue → Oozie Server	Yes	Yes	Yes	Yes
	Oozie Server → Spark/Sqoop	Yes	Yes	Yes	—
	Oozie Server → Beeline-HS2	Yes	Yes	—	Yes
	Oozie Server → Hive	Yes	Yes	Yes	—
Spark	Web clients → Spark Component UI	—	—	—	Yes
	Spark Driver → Executor	—	When running Spark-on-YARN, Driver-To-Executor communication is through YARN (Hadoop protocol), so it is fully secured.
	Spark Job Using Connector → MapR Database	—	Yes	—	—
	Spark Job Using Connector → MapR Event Store For Apache Kafka	—	Yes	—	Yes
Sqoop 2	REST API, Hue, Sqoop 2 Client → Sqoop 2 Server	Yes	Yes	Yes	Yes
YARN	REST/Browser → RM/JHS/ATS	Yes	—	—	Yes
	Internal communication (RM/NM/JHS)	—	Yes	Yes	—
	Containers → YARN Services (RM/NM)	—	Yes	Yes	—
	Timeline Server	—	Yes	Yes	—